2 Factor Authentication



2 Factor Authentication

2 Factor authentication is a very common means of allowing access to your internal resources while mitigating the risk. This makes it so you not only need a username and password to gain access but another method to validate your credentials as well. This can consist of a Authentication Certificate, Smart Card, hardware token, sms to a phone, a phone call, hardware token or other type of verification. These have typically been very expensive but now there are methods out there that make it very affordable for small businesses or even individuals and while it can take some work to integrate into your system, if you have the know how it is doable and becoming easier.

Duo Security

I have come to like Duo Security. When I first started playing with them they had basic windows support  and Linux support including a module of Drupal. Now they have all kinds of installs for you from RDS, TMG, RDP, ADFS, Outlook Web App, Wordpress, Linux/Unix SSH, OpenVPN, VMWare View to name a very few of the many available. They have added a lot of support in a very short time and am really impressed with them. You can have up to 10 users with up to 1000 authentications a month for free (at the time of this post). You can use a landline, Cell phone, SMS or other device. You can even purchase hardware tokens from them ( about $100 for 5 from them) or 3rd party such as YubiKeys or other OATH HOTP-compatible tokens and use them.

Hardware Tokens

To see how hard it would be to use hardware tokens, I purchased 2 YubiKeys from a 3rd party, configured them and imported them into the system. it took a couple hours to figure out but was doable and has worked very reliably. After a couple months of use (I just left one plugged into my lab pc) one of the YubiKeys stopped functioning. may have just been one of those things. It is still under warranty so I should be able to get it replaced.

Next I purchased 5 (minimum purchase quantity) of DUO Security's tokens. They were automatically added to my account so all I had to do was sync them when they came. They have a LCD readout and the battery is supposed to last 5 years. We will see if I am still using them in 5 years... Anyhow, to be honest I prefer the YubiKeys to the Duo Security tokens. They are smaller and seem to have a more complex code. On both I would prefer to have a pin I have to type plus the code in the token such as I would have with a RSA token, but for the cost I guess I can't complain any and given it is just for remote access to my lab environment it should be more than adequate.  

Phone Factor

One is Microsoft's PhoneFactor  This one will call or text you when you try to log into a site that uses their service. Costs for it run about $2/month per user (Unlimited Authentication) OR $2/10 Authentication.  The up side is that it integrates into Microsoft products relatively easily and is not that expensive. The down side is that if you are using another platform in your environment such as linux, it will take some work. Another downside is the lack of supported devices. you have to use a phone for wither a phone call or a text. You do not have the option of a hardware token which is my preference.

This website and its content is copyright of ITHierarchy Inc - © ITHierarchy Inc 2013-2015. All rights reserved.

Any redistribution or reproduction of part or all of the contents in any form is prohibited other than the following:

  • you may print or download to a local hard disk extracts for your personal and non-commercial use only
  • you may copy the content to individual third parties for their personal use, but only if you acknowledge the website as the source of the material

You may not, except with our express written permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any other website or other form of electronic retrieval system.